Responses w/ 404 Bad Request when virtual host name starts with a number. Easy to fix: diff -ruN lighttpd-1.4.19.orig/src/request.c lighttpd-1.4.19/src/request.c --- lighttpd-1.4.19.orig/src/request.c 2008-06-19 06:30:05.000000000 +0200 +++ lighttpd-1.4.19/src/request.c 2008-06-19 06:30:33.000000000 +0200 @@ -125,7 +125,7 @@ } } else if (i == 0) { /* the first character of the hostname */ - if (!light_isalpha(c)) { + if (!light_isalnum(c)) { return -1; } label_len++; Reproducible: Always
If following the RFCs strictly, a host name can not start with a number. Quoting RFC952: <name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>] However, after someone (by mistake) assigned 3com the domain name 3com.com some twenty-odd years ago, the practice has been to allow it even though it's technically wrong (cf. Mockapetris et al.) In other words, yeah, this should be fixed despite being "correct".
it would be of help, if somebody could push this bug upstream... thanks.
reported upstream
Current status (as of writing): checked in but not in a release.
Sorry for the noise. I could apply this patch to 1.4.23 in Gentoo if the maintainers wanted it done but didn't have time. Additionally, if you would like to defer this until a release by upstream, please remove bug 286134 from the blocker field. thanks & let me know :)
we can stable without this. ARCHs, please go ahead. thanks...
Confirmed this patch is in 1.4.24 by looking at the source code but it is not in the NEWS file.
Ugh, sorry for the noise (again). It *is* in the NEWS file, but by a different tracker number... * Allow digits in hostnames in more places (fixes #1148)
1.4.24 is in the tree. Closing. Thanks Thilo
